22. 04. 2010 Andrea di Lernia Log Management

Provvedimento del garante e log dei Firewall Checkpoint

Come sapete il provvedimento del garante richiede di monitorare gli accessi ai sistemi informatici, tra questi uno dei piu’ critici e’ sicuramente il vostro firewall, come fare a monitorare gli accessi in presenza di un firewall Checkpoint ? Vediamolo insieme: In questo caso abbiamo un cluster di firewall Checkpoint basati su Sistema operativo IPSO che e’ un derivato da FreeBSD. Essendo un OS Unix like, abbiamo il processo syslogd che opportunamente configurato puo’ redirigere i messaggi di autenticazione verso NetEye. Prima cosa da fare e’ modificare /etc/syslog.conf , che di norma si presenta in questo modo #This file was AUTOMATICALLY GENERATED #Generated by /bin/syslog_xlate on Mon Jan 12 19:11:49 2004 # #DO NOT EDIT – EDITED TO SEND MESSAGES BASED ON FACILITY # *.err;auth.debugadmin *.notice;cron.*;auth.info;kern.debug/var/log/messages *.emerg* *.err;auth.notice;kern.debug/dev/console aggiungiamo in fondo la riga auth.*  @10.10.1.120 dove 10.10.1.120 e’ l’ indirizzo del NetEye, ricordatevi che tra auth.* e @10.10.1.120 devono essere separati da almeno un TAB. A questo punto e’ sufficiente riavviare il syslogd e tutto dovrebbe funzionare. Per essere sicuri che la modifica sia valida anche al prossimo riavvio del Firewall ( IPSO tende a sovrascrivere i file modificati manualmente), e’ necessario salvarsi il file modificato e ricopiarlo ad ogni avvio del firewall. Un sistema puo’ essere il seguente; copiate il file originale in un posto sicuro cp /etc/syslog.conf /var/admin/syslog.bak modificate il file /var/etc/rc.local (che viene eseguito durante la procedura di reboot) ed inserite le seguenti righe: sleep 15 cp /var/admin/syslog.bak /etc/syslog.conf kill -HUP `ps aux | grep syslogd | grep -v grep | awk ‘{ print $2 }’` questa procedura si occupa di ricopiare il file che avete salvato nella sua posizione originale e riavviare il demone del syslog. Se avete fatto tutto correttamente il firewall inviera’ le informazioni relative agli accessi al NetEye; ricordatevi che se avete un cluster dovete ripetere l’ operazione su ogni nodo.
Andrea di Lernia

Andrea di Lernia

Profit Center Manager at Würth Phoenix
Hi everybody, I’m Andrea and my contribution to this blog is to give hints of the monitoring issue from an IT manager point of view. I was born in Bolzano in 1965 and my professional path started 25 years ago operating on the technical field as programmer, system/database administrator, network engineer, consultancy and so on. I’ve been living in Milan for 10 years working for multinational IT companies and I decided to return to Bolzano after my marriage and the birth of my daughter. I love sailing and diving in the summer, skiing in the winter and travelling off-road with my Landcruiser anytime

Author

Andrea di Lernia

Hi everybody, I’m Andrea and my contribution to this blog is to give hints of the monitoring issue from an IT manager point of view. I was born in Bolzano in 1965 and my professional path started 25 years ago operating on the technical field as programmer, system/database administrator, network engineer, consultancy and so on. I’ve been living in Milan for 10 years working for multinational IT companies and I decided to return to Bolzano after my marriage and the birth of my daughter. I love sailing and diving in the summer, skiing in the winter and travelling off-road with my Landcruiser anytime

Latest posts by Andrea di Lernia

02. 09. 2015 NetEye
Monitoring the Quality of VoIP Communications Using IP SLA
02. 09. 2015 NetEye
Monitoraggio delle comunicazioni VoIP tramite IP SLA
02. 09. 2015 NetEye
VoIP-Monitoring mit IP SLA
06. 05. 2015 Garante della Privacy, NetEye
Archiviazione dei log e poi?
06. 05. 2015 Log Management, NetEye
What to do with all those logs?
See All

Related Content

Tags: , , , ,

06. 12. 2023 Business Service Monitoring, NetEye

Monitoring a Business Process

Scenario NetEye 4 is a comprehensive monitoring platform which natively supports Business Processes. A Business Process is an abstract view of a customer’s Business from the Application point of view. Usually, it’s a collection of Icinga2 checks aggregated by “AND, Read More
30. 11. 2023 Log Management, Log-SIEM, NetEye, Unified Monitoring

Monitor Your Elasticsearch Agents Registered in the Elastic Fleet Server

Say you're using the SIEM Module in NetEye and are deploying the Elasticsearch Agent to your clients. You'd surely like to know if those agents are still sending data and are still connected to the Elastic Fleet server. I had Read More
30. 10. 2023 Atlassian, NetEye

How to Monitor NetEye with OpsGenie Heartbeats

Have you ever thought about how to monitor your NetEye system or other critical applications in a network failure scenario? To manage this scenario, in some customer cases some solutions have been implemented using SMS notifications, thus relying on the Read More
09. 10. 2023 Log-SIEM, Machine Learning, NetEye

Semantic Search in Elasticsearch – Testing Our NetEye Guide: Can We Improve the Search Experience? (Part 2) 

In my previous blog post, we saw how it's possible to index some documents that we created by crawling our NetEye User Guide, then applying the ELSER model in Elasticsearch to create a bag of words for searching that takes Read More
03. 10. 2023 Log-SIEM, Machine Learning, NetEye

Semantic Search in Elasticsearch – Testing Our NetEye Guide: Can We Improve the Search Experience? (Part 1)

Once upon a time (in fact it was just a month ago, but it sounds more dramatic this way) I had the opportunity to attend a webinar about Vector Search, Generative AI, and modern NLP by the Elastic Team. One Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive